Export (0) Print
Expand All

3.3.5.9 Receiving an SMB2 CREATE Request

When the server receives a request with an SMB2 header with a Command value equal to SMB2 CREATE, message handling proceeds as described in the following sections.

If Connection.Dialect belongs to the SMB 3.x dialect family and the request does not contain SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context or SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context, the server MUST look up an existing open in the GlobalOpenTable where Open.FileName matches the file name in the Buffer field of the request. If an Open entry is found, and if all the following conditions are satisfied, the server MUST fail the request with STATUS_FILE_NOT_AVAILABLE.

  • Open.IsPersistent is TRUE

  • Open.Connection is NULL

  • Open.OplockLevel is not equal to SMB2_OPLOCK_LEVEL_BATCH

  • Open.OplockLevel is not equal to SMB2_OPLOCK_LEVEL_LEASE or Open.Lease.LeaseState does not include SMB2_LEASE_HANDLE_CACHING

The server MAY<237> validate the create contexts before session verification.

Session Verification:

The server MUST locate the session, as specified in section 3.3.5.2.9.

Tree Connect Verification:

The server MUST locate the tree connection, as specified in section 3.3.5.2.11.

Path Name Validation:

The server MUST verify the request size. If the size of the SMB2 CREATE Request (excluding the SMB2 header) is less than specified in the StructureSize field, then the request MUST be failed with STATUS_INVALID_PARAMETER.

The server MUST extract the target path name for the create from the SMB2 CREATE Request.

If the request received has SMB2_FLAGS_DFS_OPERATIONS set in the Flags field of the SMB2 header, and TreeConnect.Share.IsDfs is TRUE, the server MUST verify the value of IsDfsCapable:

  • If IsDfsCapable is TRUE, the server MUST invoke the interface defined in [MS-DFSC] section 3.2.4.1 to normalize the path name by supplying the target path name.

  • If IsDfsCapable is FALSE, the server MUST fail the request with STATUS_FS_DRIVER_REQUIRED.

If the request received does not have the SMB2_FLAGS_DFS_OPERATIONS flag set in the Flags field of the SMB2 header, or TreeConnect.Share.IsDfs is FALSE, the server MUST NOT invoke normalization and continue the create process.

If normalization fails, the server MUST fail the create request with the error code returned by the DFS normalization routine.

If the normalization procedure succeeds, returning an altered target name, the modified name MUST be used for further operations.

If the file name length is greater than zero and the first character is a path separator character, the server MUST fail the request with STATUS_INVALID_PARAMETER. If the file name fails to conform with the specification of a relative pathname in [MS-FSCC] section 2.1.5, the server MUST fail the request with STATUS_OBJECT_NAME_INVALID.

The server MUST verify the file name in an implementation-specific manner.<238>

For pipe opens, the server MUST ignore FileAttributes.

For print files, if the FileAttributes field includes FILE_ATTRIBUTE_DIRECTORY, the server MUST fail the open with the error code STATUS_NOT_SUPPORTED.

If the share that is the target of the create request is the IPC$ share and Session.IsAnonymous is TRUE, the server MUST invoke the event specified in [MS-SRVS] section 3.1.6.17 by providing the target name as the input parameter. If the event returns FALSE, indicating that no matching named pipe is found that allows an anonymous user, the server MUST fail the request with STATUS_ACCESS_DENIED and increase ServerStatistics.sts0_permerrors by 1. Otherwise, the server MUST continue the open processing.

If the share that is the target of the create request is a printer, the server MUST validate the DesiredAccess and CreateDisposition fields of the request. If the DesiredAccess value does not include one or more of the FILE_WRITE_DATA, FILE_APPEND_DATA, or GENERIC_WRITE bits, the server SHOULD<239> fail the request with STATUS_NOT_SUPPORTED. If the DesiredAccess value contains any other bits, the server MUST fail the request with STATUS_NOT_SUPPORTED. If the CreateDisposition value is other than FILE_CREATE, the server SHOULD<240> fail the request with STATUS_OBJECT_NAME_NOT_FOUND.

If any intermediate component of the path specified in the create request is a symbolic link, the server MUST return an error as specified in section 2.2.2.1. Symbolic links MUST NOT be evaluated by the server.

If the final component of the path is a symbolic link, the server behavior depends on whether the flag FILE_OPEN_REPARSE_POINT was specified in the CreateOptions field of the request. If FILE_OPEN_REPARSE_POINT was specified, the server MUST open the underlying file or directory and return a handle to it. Otherwise, the server MUST return an error as specified in section 2.2.2.1.

Create Context Validation:

The server SHOULD<241> fail any request having a create context not specified in section 2.2.13.2 with a STATUS_INVALID_PARAMETER error.

If the size of each individual create context is not equal to the DataLength of the create context, the server MUST fail the request with STATUS_INVALID_PARAMETER.

The following subsections detail server behavior when various create contexts are provided in the request and describe how that affects server operation.

Open Execution:

If the FILE_DELETE_ON_CLOSE flag is set in CreateOptions and any of the following conditions is TRUE, the server SHOULD<242> fail the request with STATUS_ACCESS_DENIED.

  • DesiredAccess does not include DELETE or GENERIC_ALL.

  • Treeconnect.MaximalAccess does not include DELETE or GENERIC_ALL.

If the ImpersonationLevel in the request is not one of the values specified in section 2.2.13, the server SHOULD<243> fail the request with STATUS_BAD_IMPERSONATION_LEVEL.

When opening a named pipe, if the ImpersonationLevel level is Delegate, the server MUST fail the request with STATUS_BAD_IMPERSONATION_LEVEL.

For open requests on a share of type STYPE_DISKTREE (as indicated by TreeConnect.Share.Type), the server MUST do the following:

  • If TreeConnect.Share.RestrictExclusiveOpens is TRUE and the ShareAccess field does not include FILE_SHARE_READ, and the DesiredAccess field does not include GENERIC_ALL, GENERIC_WRITE, FILE_WRITE_DATA, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, or FILE_APPEND_DATA, the server SHOULD<244> set FILE_SHARE_READ in the ShareAccess field.

  • If TreeConnect.Share.ForceSharedDelete is TRUE, the server MUST set FILE_SHARE_DELETE in the ShareAccess field.

  • If TreeConnect.Share.ForceLevel2Oplock is TRUE, and RequestedOplockLevel is SMB2_OPLOCK_LEVEL_BATCH or SMB2_OPLOCK_LEVEL_EXCLUSIVE, the server SHOULD<245> set RequestedOplockLevel to SMB2_OPLOCK_LEVEL_II.

  • If Connection.Dialect belongs to the SMB 3.x dialect family TreeConnect.Share.Type includes STYPE_CLUSTER_SOFS and the RequestedOplockLevel is SMB2_OPLOCK_LEVEL_BATCH, the server MUST set RequestedOplockLevel to SMB2_OPLOCK_LEVEL_II.

The server MUST use the security context of the session in Session.SecurityContext to attempt to open the named object in the underlying object store using the parameters specified for DesiredAccess, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, and the PathName. The PathName MUST be parsed relative to TreeConnect.Share.LocalPath. The server MUST map these flags to match the semantics of its implementation-specific object store [MS-FSA].<246> See section 2.2.13 for more details on the exact meaning of the various flags and options. If the underlying object store returns a failure for the attempted Open, the server MUST send an SMB2 error response with an error code as specified in section 2.2.2. The same rules apply when opening named pipe and print files, except that some flags and options are not supported when opening named pipes and print files. The flags and options that are not supported when opening named pipes and print files are specified in section 2.2.13.

Failed Open Handling:

If the underlying object store returns a failure indicating that the attempted open operation failed due to the presence of a symbolic link in the target path name, the server MUST fail the create operation with the error code STATUS_STOPPED_ON_SYMLINK, and pass back the error to the client by constructing an error response as specified in section 2.2.2.1.<247>

If the underlying object store returns STATUS_ACCESS_DENIED, ServerStatistics.sts0_permerrors MUST be increased by 1.

Successful Open Initialization:

If the open is successful, the server MUST allocate an open object for this open and insert it into Session.OpenTable and GlobalOpenTable. If TreeConnect.Share.Type is not equal to STYPE_PRINTQ, ServerStatistics.sts0_fopens MUST be increased by 1. If TreeConnect.Share.Type is equal to STYPE_PRINTQ, ServerStatistics.sts0_jobsqueued MUST be increased by 1. The server MUST also register the Open by invoking the event specified in [MS-SRVS] section 3.1.6.4 and assign the return value to Open.FileGlobalId. The other initial values MUST be set as follows:

  • Open.FileId is set to a generated value that uniquely identifies this Open in Session.OpenTable. The SMB2 server MUST reserve -1 for invalid FileId.

  • If Open.IsDurable is TRUE or Open.IsResilient is TRUE, Open.DurableFileId is set to a generated value that uniquely identifies this open in GlobalOpenTable. Otherwise, Open.DurableFileId is set to a generated value that uniquely identifies this Open in Session.OpenTable.

  • Open.Session is set to refer to the session that performed the open.

  • Open.Connection is set to refer to the connection on which the open request was received.

  • Open.ClientGuid is set to Open.Connection.ClientGuid.

  • Open.LocalOpen is set to the open of the object in the local resource received as part of the local create operation.

  • Open.GrantedAccess is the access granted to the caller for the open by the underlying object store. It MUST be equal to the DesiredAccess specified in the request, except in the case where MAXIMUM_ALLOWED is included in the DesiredAccess.

  • Open.OplockLevel is set to SMB2_OPLOCK_LEVEL_NONE.

  • Open.OplockState is set to None.

  • Open.OplockTimeout is set to 0.

  • Open.IsDurable is set to FALSE.

  • Open.DurableOpenTimeout is set to 0.

  • Open.DurableOwner is set to NULL.

  • Open.EnumerationLocation is set to 0.

  • Open.EnumerationSearchPattern is set to an empty string.

  • Open.CurrentEaIndex is set to 1.

  • Open.CurrentQuotaIndex is set to 1.

  • Open.TreeConnect is set to refer to the TreeConnect on which the open request was performed and Open.TreeConnect.OpenCount MUST be increased by 1.

  • Open.LockCount is set to 0.

  • Open.PathName is set to the full local path that the current open is performed on.

If Connection.Dialect is not "2.002" and the server supports leasing, the server MUST initialize the following:

  • Open.Lease MUST be set to NULL.

  • Open.IsResilient MUST be set to FALSE.

  • Open.ResilientOpenTimeout MUST be set to 0.

  • Open.LockSequenceArray[]: Each element of Open.LockSequenceArray[] MUST be set to 0.

If Connection.Dialect belongs to the SMB 3.x dialect family, the server MUST initialize the following:

  • Open.AppInstanceId MUST be set to AppInstanceId in the SMB2_CREATE_APP_INSTANCE_ID create context request if the create request includes the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 and SMB2_CREATE_APP_INSTANCE_ID create contexts.

  • Open.CreateGuid MUST be set to NULL.

  • Open.IsPersistent MUST be set to FALSE.

  • Open.FileName MUST be set to the file name in the Buffer field of the request.

  • Open.DesiredAccess MUST be set to the DesiredAccess field of the request.

  • Open.ShareMode MUST be set to the ShareAccess field of the request.

  • Open.CreateOptions MUST be set to the CreateOptions field of the request.

  • Open.FileAttributesOptions MUST be set to the FileAttributes field of the request.

  • Open.CreateDisposition MUST be set to the CreateDisposition field of the request.

The server MUST locate the Request in Connection.RequestList for which Request.MessageId matches the MessageId value in the SMB2 header, and set Request.Open to the Open.

Oplock Acquisition:

If the server does not support leasing and RequestedOplockLevel is set to SMB2_OPLOCK_LEVEL_LEASE, the server MUST ignore the "RqLs" create context.

If the server supports leasing, the name of the create context is "RqLs" as defined in section 2.2.13.2, and RequestedOplockLevel is set to SMB2_OPLOCK_LEVEL_LEASE, the server MUST do the following:

  • If the size of the Buffer, in bytes, of the SMB2_CREATE_CONTEXT is not equal to the size of the SMB2_CREATE_REQUEST_LEASE (0x20) or the size of the SMB2_CREATE_REQUEST_LEASE_V2 ( 0x34), the server MUST fail the request with STATUS_INVALID_PARAMETER.

  • If Connection.Dialect is "2.100" or belongs to the "3.x" dialect family, and the DataLength field equals 0x20, the server MUST attempt to acquire a lease on the open from the underlying object store as described in section 3.3.5.9.8.

  • If Connection.Dialect belongs to the "3.x" dialect family, and the DataLength field equals 0x34, the server MUST attempt to acquire a lease on the open from the underlying object store, as described in section 3.3.5.9.11.

  • Otherwise, the server MUST fail the request with STATUS_INVALID_PARAMETER.

If the open is successful, the shared resource is not a named pipe, and the RequestedOplockLevel is not SMB2_OPLOCK_LEVEL_NONE, the server MUST attempt to acquire an opportunistic lock on the open from the underlying object store.<248> If the underlying object store grants the oplock, then Open.OplockState MUST be set to Held and Open.OplockLevel MUST be set to the level of the oplock acquired.

Response Construction:

The server MUST construct a response following the syntax specified in section 2.2.14. The values MUST be set as follows:

  • OplockLevel is set to Open.OplockLevel.

  • CreateAction is set to the action taken by the create following the syntax specified in section 2.2.14.

  • CreationTime is set to the value queried from the object store for when the object was created.<249>

  • LastAccessTime is set to the value queried from the object store for when the object was last accessed.<250>

  • LastWriteTime is set to the value queried from the object store for when the object was last written to.<251>

  • ChangeTime is set to the value queried from the object store for when the object was last modified, including attribute changes.<252>

  • AllocationSize is set to the amount of space reserved for the object, in bytes, on the underlying object store.<253> If this is a named pipe, AllocationSize SHOULD be 0.<254>

  • EndofFile is set to the size of the main stream of the object in bytes.<255> For named pipes this value SHOULD be 0.<256>

  • FileAttributes MUST be set to the attributes of the object following the syntax specified in section 2.2.14.<257>

  • FileId.Persistent MUST be set to Open.DurableFileId.

  • FileId.Volatile MUST be set to Open.FileId.

  • CreateContextsOffset MUST be set to the offset, in bytes, from the beginning of the SMB2 header to the first SMB2_CREATE_CONTEXT response. If no SMB2_CREATE_CONTEXT response is returned, this value MUST be set to 0.

  • CreateContextsLength MUST be set to the length, in bytes, of the list of SMB2_CREATE_CONTEXT response structures. If no SMB2_CREATE_CONTEXT response structure is returned, this value MUST be set to 0.

This response MUST be sent back to the client.

The status code returned by this operation MUST be one of those defined in [MS-ERREF]. Common status codes returned by this operation include:

  • STATUS_SUCCESS

  • STATUS_INSUFFICIENT_RESOURCES

  • STATUS_ACCESS_DENIED

  • STATUS_OBJECT_NAME_NOT_FOUND

  • STATUS_INVALID_PARAMETER

  • STATUS_STOPPED_ON_SYMLINK

  • STATUS_USER_SESSION_DELETED

  • STATUS_NETWORK_NAME_DELETED

  • STATUS_NETWORK_SESSION_EXPIRED

  • STATUS_NOT_SUPPORTED

  • STATUS_EAS_NOT_SUPPORTED

  • STATUS_DISK_FULL

  • STATUS_FILE_CLOSED

The following create contexts are potentially received as part of the create request. In each subsection, handling this create context is outlined.

 
Show:
© 2014 Microsoft